
Announcing Harvester Beta Availability

It has been five months since we announced project Harvester, open source hyperconverged infrastructure (HCI) software built using Kubernetes. Since then, we’ve received a lot of feedback from the early adopters. This feedback has encouraged us and helped in shaping Harvester’s roadmap. Today, I am excited to announce the Harvester v0.2.0 release, along with the Beta availability of the project!

How to run ECS Anywhere workloads using Ubuntu on any infrastructure

ECS Anywhere allows you to use Amazon Web Services’ container service outside of the AWS cloud, and Canonical is proud to be a launch partner for this service. Using Ubuntu as the base OS for your ECS clusters on-prem or elsewhere will allow you to benefit from Ubuntu’s world-leading hardware support, professional services, and vast ecosystem, in turn allowing your ECS clusters to run with optimal performance everywhere you need it.

Announcing support for Amazon ECS Anywhere

Amazon Elastic Container Service (ECS) is a managed compute platform for containers that was designed to be simple to configure, with opinionated defaults to help users get started quickly. ECS customers can run containerized workloads on either Amazon EC2 instances or the serverless Fargate platform without having to maintain a control plane—and can easily integrate ECS with other AWS resources, like Network Load Balancers, to architect their infrastructure.

Use Logz.io to Instrument Kubernetes with OpenTelemetry & Helm

Logz.io is always looking to improve the user experience when it comes to Kubernetes and monitoring your K8s architecture. We’ve taken another step with that, adding OpenTelemetry instrumentation with Helm charts. We have made Helm charts available before, previously with editions suitable for Metricbeat and for Prometheus operators.

Top 10 PromQL examples for monitoring Kubernetes

In this article, you will find 10 practical Prometheus query examples for monitoring your Kubernetes cluster. So you are just getting started with Prometheus, and are figuring out how to write PromQL queries. At Sysdig, we’ve got you covered! A while ago, we created a PromQL getting started guide. Now we’ll jump in skipping the theory, directly with some PromQL examples.

Securing containers on Amazon ECS Anywhere

Amazon Elastic Container Service (ECS) Anywhere enables you to simply run containers in whatever location makes the most sense for your business – including on-premises. Security is a key concern for organizations shifting to the cloud. Sysdig has validated our Secure DevOps platform with ECS Anywhere, giving AWS customers the security and visibility needed to run containers confidently on the new deployment model.

What's new in Sysdig - May 2021

Welcome to another monthly update on what’s new from Sysdig. Eid Mubarak! Our team continues to work hard to bring great new features to all of our customers, automatically and for free! Most importantly, of course, was our recent funding round! I won’t repeat all the details as you can read more about what it means here. However, we are super excited about all the new feature improvements we can fund and bring to our customers!

5 Strategies for Safeguarding your Kubernetes Security

Since Google first introduced Kubernetes, it’s become one of the most popular DevOps platforms on the market. Unfortunately, increasingly widespread usage has made Kubernetes a growing target for hackers. To illustrate the scale of the problem, a Stackrox report found that over 90% of respondents had experienced some form of security breach in 2020. These breaches were due primarily to poorly-implemented Kubernetes security.

What Is Container Orchestration?

Since Docker revolutionized the concept in 2013, containers have become a mainstay in application development. Their speed and resource efficiency make them ideal for a DevOps environment, as they allow developers to run software faster and more reliably, no matter where it is deployed. With containerization, it’s possible to move and scale several applications across clouds and data centers. However, this scalability can eventually become an operational challenge.

Kubernetes automation with Relay

Kubernetes — a popular open source container orchestration system — enables you to easily deploy, monitor, and scale cloud-native application workloads in both private and public cloud environments. In other words, Kubernetes does the hard work of managing containerized applications, giving you more time to spend building them.

Top 15 Kubernetes Resources

While Kubernetes is a very powerful and comprehensive application, it can also be very complicated and confusing to new users. Thankfully, the community is great at pulling together to try to tame the Kubernetes beasts, and as more users join the platform, more handy tools to help you manage your cluster are developed. Kubernetes Resources range from everyday helper tools to development tools to troubleshooting tools, and in this article we’ll discuss fifteen of the best ones.

June 2021 Civo Roadmap Update

In October 2020 we released the community-driven roadmap for 2021. It's time to revisit and see all the things we have completed from the list! I am very proud to say that at Civo we have taken the community suggestions and implemented most of them during the launch on May 4th 2021. Let's dive into each of the features listed in the original blog post and see where we are with the 2021 Civo Roadmap.

Detecting and Mitigating CVE-2021-25737: EndpointSlice validation enables host network hijack

The CVE-2021-25737 low-level vulnerability has been found in Kubernetes kube-apiserver where an authorized user could redirect pod traffic to private networks on a Node. The kube-apiserver affected are: By exploiting the vulnerability, adversaries could be able to redirect pod traffic even though Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range.

Securing the new AWS App Runner service

In its mission to simplify building and running cloud-native applications for users, Amazon has announced the GA of AWS App Runner, a new purpose-built container application service. With security top of mind for most organizations shifting to the cloud, Sysdig has collaborated with AWS to enable threat detection for the new platform.

How to debug Kubernetes Pending pods and scheduling failures

When Kubernetes launches and schedules workloads in your cluster, such as during an update or scaling event, you can expect to see short-lived spikes in the number of Pending pods. As long as your cluster has sufficient resources, Pending pods usually transition to Running status on their own as the Kubernetes scheduler assigns them to suitable nodes. However, in some scenarios, Pending pods will fail to get scheduled until you fix the underlying problem.

Untangling Network Policies on K8s

Network Policy is a critical part of building a robust developer platform, but the learning curve to address complex real-world policies is not tiny. It is painful to get the YAML syntax right. There are many subtleties in the behavior of the network policy specification (e.g., default allow/deny, wildcarding, rules combination, etc.). Even an experienced Kubernetes YAML-wrangler can still easily tie their brain in knots working through an advanced network policy use case.

Easily monitor and alert on your Kubernetes clusters with the new Grafana Cloud integration

Today we’re excited to introduce the Kubernetes integration for Grafana Cloud, our composable observability platform bringing together metrics, logs, and traces with Grafana. Grafana Cloud users can now easily monitor and alert on core Kubernetes cluster metrics using the Grafana Agent, our lightweight observability data collector optimized for sending metric, log, and trace data to Grafana Cloud.

See your logs and metrics together with LogDNA and Sysdig integration

Observability is the key to solving problems quickly, and organizations use many tools to try to increase visibility in their environments so they don’t miss anything. Typical sources of observability include metrics, logs, and traces. The foundation of monitoring, metrics are predictable counts or measurements that are aggregated over a specific period of time. Logs are timestamped records of discrete events that can store outputs from applications, systems, and services.

What Is Thanos - Use Cases

When you hear the word "Thanos," your first thought might be the Marvel Cinematic Universe villain from the Avengers: Infinity War film who seeks to collect the Infinity Stones and end half of all life in the universe. But if you mention the word to a data nerd, you're likely to get a very different response. Prometheus is a free and open-source platform for real-time systems and event monitoring and alerting.

Introduction to K3s

Whether you’re new to the cloud native space or an accomplished practitioner, you’re probably aware that there are many Kubernetes distributions to choose from. Maybe you’ve heard about the challenges of getting up and running with Kubernetes. Guess what? It doesn’t have to be hard. This blog provides an introduction to K3s, a lightweight CNCF-certified Kubernetes distribution. We’ll look at what makes K3s different from other Kubernetes distributions.

Introducing Kubewarden, an Open Source Policy Engine

Security has always been a wide and complex topic. A recent survey from StackRox about the state of containers and Kubernetes security provides some interesting data on these topics. In this blog post, I’ll dive into some of the findings in that survey and introduce you to Kubewarden, an open source policy engine. A staggering 66 percent of the survey participants do not feel confident enough in the security measures they have in place.

KubeCon Operator Day keynote with Mark Shuttleworth

Operators, Models, Kubernetes, Hybrid Clouds, massive scale and bootstrapping quickly - Kubernetes is taking the world by storm. So what's next? Mark Shuttleworth (one time astronaut, founder of Canonical, the company behind Ubuntu) talks with David Booth (VP Cloud Native Applications at Canonical) about the past and lays down a vision for the future.

Kubernetes capacity planning: How to rightsize the requests of your cluster

Kubernetes capacity planning is one of the main challenges that infrastructure engineers have to face, as understanding Kubernetes limits and requests is not an easy thing. You might be reserving way more resources than you need to ensure your containers don’t run out of memory, or are CPU throttled. If you are in this situation, you’re going to be charged for those resources even if they aren’t being used, and it will also make deployments more difficult to schedule.

Continuous delivery with Ketch, GitHub Actions, and k3d

Can we combine the simplicity of deploying applications with Ketch with GitHub Actions and accomplish a fully automated continuous delivery pipeline? Here's what we'll do. We'll create GitHub Actions that will fully automate all the tasks starting from creating a pull request all the way until a release is deployed to production.

The rise of the developer platform

I have recently seen quite a few articles and talks covering why organizations are aiming to implement a developer platform to help speed up the adoption of microservices within their organizations. But before we get started on discussing what a developer platform is, the developer experience and productivity on Kubernetes, and how different teams are working through it, let’s define some common ground.

Digging into AWS Fargate runtime security approaches: Beyond ptrace and LD_PRELOAD

Fargate offers a great value proposition to AWS users: forget about virtual machines and just provision containers. Amazon will take care of the underlying hosts, so you will be able to focus on writing software instead of maintaining and upgrading a fleet of Linux instances. Fargate brings many benefits to the table, including small maintenance overhead, lower attack surface, and granular pricing. However, as with any cloud asset, leaving your AWS Fargate tasks unattended can lead to nasty surprises.

A guide for CTO: 8 questions to ask before using Kubernetes

Congratulations, you are finally considering moving your apps to Kubernetes. It is a big day! Here is a checklist to ensure you did not forget anything essential, to increase your chances of success with Kubernetes. We divided those points into three sections, from the most important to the least. Let’s go.

Replay Single Transactions for Root Cause Analysis

Speedscale was built primarily to provide engineering teams with better insight into their applications over time, replaying single transactions for root cause analysis that give developers and SREs confidence that tomorrow’s application code will work just as well in production as it did yesterday.

Monitor kube-state-metrics v2.0 with Datadog

In order to manage complex containerized applications, modern devops teams need to have deep visibility into the status of their Kubernetes resources. By listening directly to the Kubernetes API, the open source kube-state-metrics service generates key metrics about your Kubernetes objects, including pods, nodes, and deployments, which are essential for understanding the status and performance of your clusters.

Unravel the hidden mysteries of your cluster with the new Kubernetes Dashboards

One of the greatest challenges you may face when creating Kubernetes dashboards is getting the full picture of your cluster. Kubernetes is the de-facto standard for container orchestration, but it also has a very steep learning curve. We, at Sysdig, use Kubernetes ourselves, and also help hundreds of customers deal with their clusters every day. We are happy to share all that expertise with you in the Kubernetes Dashboards.

Register to the Qovery v2 beta now!

When we launched Qovery in January 2020, our product was still a prototype, and we onboarded 53 developers to help them deploy their apps in the cloud. At the time, we were only 2 on the team, and our first employee (Patryk Jeziorowski) decided to join us after being one of our first users. 18 months later, 3004 developers from more than 110 countries use Qovery to deploy their apps on their AWS and Digital Ocean account.

Testing in Production: How Did We Get Here?

Testing in production simply means testing new code changes in production, with live traffic, in order to test the system’s reliability, resiliency, and stability. It helps teams solve bugs and other issues faster, as well as effectively analyze the performance of newly released changes. Its overall purpose is to expose problems that can’t be identified in non-production environments for reasons that may include not being able to mimic the concurrency, load, or user behavior.

Automatically create and manage Kubernetes alerts with Datadog

Kubernetes enables teams to deploy and manage their own services, but this can lead to gaps in visibility as different teams create systems with varying configurations and resources. Without an established method for provisioning infrastructure, keeping track of these services becomes more challenging. Implementing infrastructure as code solves this problem by optimizing the process for provisioning and updating production-ready resources.

Kubernetes monitoring and troubleshooting made simple

Infrastructure monitoring was difficult enough when entire businesses ran off a few bare metal servers in a dusty, forgotten closet. Other IT infrastructure monitoring tools fell short, unable to provide complete and granular-enough metrics in real time, even when we were only dealing with a handful of systems responsible for running every part of the application stack.

Highly available Kubernetes in IoT: MicroK8s on RaspberryPi

Learn how to set up a Pi-Hole instance with a single command and a cluster of Raspberry Pis on MicroK8s. High availability, load balancing and Kubernetes configuration included. The Raspberry Pi 4 brings the graphics, RAM and connectivity needed for a Linux workstation, so why not use a cluster to set up your own Pi-Hole, the open source network-level ad blocker that acts as a DNS sinkhole or DHCP server?

Dynamic Service Graph | Tigera

Downtime is expensive and applications are a challenge to troubleshoot across a dynamic, distributed environment consisting of Kubernetes clusters. While development teams and service owners typically understand the microservices they are deploying, it’s often difficult to get a complete, shared view of dependencies and how all the services are communicating with each other across a cluster. Limited observability makes it extremely difficult to troubleshoot end-to-end connectivity issues which can impact application deployment.

Application Layer Observability | Tigera

The majority of operational problems inherent to deploying microservices in a distributed architecture are linked to two areas: networking and observability. At the application layer (Layer 7), the need to understand all aspects associated with service-to-service communication within the cluster becomes paramount. Service-to-service network traffic at this layer is often using HTTP. DevOps teams struggle with these questions: Where is monitoring needed? How can I understand the impact of issues and effectively troubleshoot? And how can I effectively protect application-layer data?

DNS Dashboard | Tigera

While it’s an essential part of Kubernetes, DNS is also a common source of outages and issues in Kubernetes clusters. Debugging and troubleshooting DNS issues in Kubernetes environments is not a trivial task given the limited amount of information Kubernetes provides for DNS queries. The DNS Dashboard in Calico Enterprise and Calico Cloud helps Kubernetes teams more quickly confirm or eliminate DNS as the root cause for microservice and application connectivity issues.

Kubernetes: Weighing Advantages and Disadvantages

Kubernetes is one of the current leading technologies. Its adoption has seen tremendous growth in the past few years. The concept of containers is a paradigm that appears to be the predominant medium of software development and deployment in the coming future. Containers help maintain consistency across various platforms, as they pack an application with its dependencies to help move it from one platform to another.

Calico Enterprise enables live view of cloud-native apps deployed in Kubernetes

We are happy to announce that the latest release of Calico Enterprise delivers unprecedented levels of Kubernetes observability! Calico Enterprise 3.5 provides full-stack observability across the entire Kubernetes environment, from application layer to networking layer. With this new release, developers, DevOps, SREs, and platform owners get: For more information, see our official press release.

Civo official launch!

Countdown to our official production launch! We'll be giving you a behind the scenes look at how we build and provision a new CivoStack region - our custom Kubernetes platform based on K3s. Including a specially recorded time-lapse build of our latest location. Featuring an introduction from our CEO Mark Boost, and Director of Innovation Dinesh Majrekar who will run you through our zero-touch region configuration.

Securing AWS Fargate workloads: Meeting File Integrity Monitoring (FIM) requirements

Securing AWS Fargate serverless workloads can be tricky as AWS does not provide much detail about the internal workings. After all… it’s not your business, AWS manages the scaling of underlying resources for you. :) While the security and stability of Fargate’s system is an inherent feature, Fargate follows a shared responsibility model, where you still have to take care of securing those parts specific to your application.

Secure container orchestration at the edge

The cloud-native way of building software allows for consistency across developer environments and massive scalability of application deployments. Both these attributes are useful for edge, but create new challenges related to security and resilience. Watch this demo to see how Canonical’s modular technology stack addresses these challenges by using well-known cloud primitives.

AWS Fargate runtime security - Implementing File Integrity Monitoring with Sysdig

Thanks to serverless you can focus on your apps, instead of your infrastructure. Take AWS Fargate as an example: a service where you can deploy containers as Tasks, without worrying what physical machine they run on. However, without access to the host, how can you detect suspicious activity, like file changes on your Fargate tasks? Sysdig provides runtime detection and response to secure Fargate serverless containers.

Datadog Live Containers - Kubernetes Resources

Datadog Live Containers provides multidimensional, real-time visibility into Kubernetes workloads, from Deployments and ReplicaSets down to individual Containers. Using Datadog's curated metrics, teams can track the health and performance of their Kubernetes resources in the appropriate context and surface critical information about every layer of their Cluster.